Linux kernel built with the KVM virtualisation support(CONFIG_KVM), with nested virtualisation(nVMX) feature enabled(nested=1), is vulnerable to a crash due to disabled external interrupts. As L2 guest could access(r/w) hardware CR8 register of the host(L0). In a nested virtualisation setup, L2 guest user could use this flaw to potentially crash the host(L0) resulting in DoS. Upstream patch -------------- -> https://git.kernel.org/linus/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/09/26/3
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1491225]
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1491231]
Statement: This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.
Acknowledgments: Name: Jim Mattson (Google.com)
This was fixed for Fedora with the 4.13.5 stable updates
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:0676
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:1062
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Extended Update Support Via RHSA-2019:1946 https://access.redhat.com/errata/RHSA-2019:1946